Azure VPN on Mac: Connected but Unable to Browse the Internet

Istvan Fazakas 0 Reputation points
2025-01-23T13:42:25.2533333+00:00

I have the following setup:

  • Azure Virtual Network
    • having address space 10.0.0.0/16
    • 3 subnets:
      • application_subnet
        • address prefixes: 10.0.2.0/24
      • vpn_gateway_subnet
        • address prefixes: 10.0.5.0/24
      • app_gateway_subnet
        • address prefixes: 10.0.6.0/24
  • Azure VPN Gateway
    • RouteBased
    • having ip configuration with the vpn_gateway_subnet subnet id
    • Point-to-site configuration
      • authentication type: AAD
      • address space: 172.10.0.0/24
      • audience is a custom application, having c632b3df-fb67-4d84-bdcf-b95ad541b5c8 client ID added to the scope of the application
      • added 0.0.0.0/1 and 128.0.0.1/1 for forced tunneling.

I am on Mac, I downloaded the Azure VPN client, downloaded the configuration from the VPN Gateway Point-to-Site configuration.

I updated the downloaded XML file, adding <applicationid>c632b3df-fb67-4d84-bdcf-b95ad541b5c8</applicationid> as it was mentioned on one of the discussions (p.s. I also tried it without this setting).

The VPN client is connecting successfully - authentication with Microsoft Entra ID is working.

When I try to access anything in the browser or try to ping anything in the terminal, I can see in the VPN client that I do have outbound traffic, but the inbound traffic is 0 -> nothing is working.

[Screenshot 2025-01-23 at 15.39.05: Azure VPN client status showing outbound traffic but 0 inbound]

How could I properly debug this? What could cause the issue?
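As an added, editor-supplied example (not code from the poster or from Microsoft), the script below validates the addressing described in the question with Python's standard ipaddress module: that the point-to-site client pool does not overlap the VNet, that it is an RFC 1918 range, that every subnet sits inside the VNet, and that the forced-tunneling routes are well-formed prefixes which together cover 0.0.0.0/0. The address values are copied from the question; everything else is constructed for the example.

```python
import ipaddress

# Constructed from the configuration described in the question above.
VNET = "10.0.0.0/16"
SUBNETS = {
    "application_subnet": "10.0.2.0/24",
    "vpn_gateway_subnet": "10.0.5.0/24",
    "app_gateway_subnet": "10.0.6.0/24",
}
P2S_POOL = "172.10.0.0/24"
FORCED_TUNNEL_ROUTES = ["0.0.0.0/1", "128.0.0.1/1"]


def check_p2s_config(vnet, subnets, p2s_pool, routes):
    """Return a list of (severity, message) findings; an empty list means nothing was flagged."""
    findings = []
    vnet_net = ipaddress.ip_network(vnet)
    pool = ipaddress.ip_network(p2s_pool)

    # The client pool must not overlap the VNet (or any on-prem range it reaches).
    if pool.overlaps(vnet_net):
        findings.append(("error", f"P2S pool {pool} overlaps VNet {vnet_net}"))
    # A pool taken from public address space can shadow real Internet hosts
    # once the tunnel is up, so flag anything outside RFC 1918.
    if not pool.is_private:
        findings.append(("warn", f"P2S pool {pool} is not an RFC 1918 range"))

    # Every subnet must sit inside the VNet address space.
    for name, prefix in subnets.items():
        if not ipaddress.ip_network(prefix).subnet_of(vnet_net):
            findings.append(("error", f"{name} {prefix} is outside {vnet_net}"))

    # Forced-tunnel routes: each must be a proper network prefix (no host bits set),
    # and together they must cover all of IPv4 (0.0.0.0/1 plus 128.0.0.0/1).
    parsed = []
    for r in routes:
        try:
            parsed.append(ipaddress.ip_network(r, strict=True))
        except ValueError:
            findings.append(("error", f"route {r} has host bits set; not a valid prefix"))
            parsed.append(ipaddress.ip_network(r, strict=False))
    covered = list(ipaddress.collapse_addresses(parsed))
    if covered != [ipaddress.ip_network("0.0.0.0/0")]:
        findings.append(("error", f"routes {routes} do not cover 0.0.0.0/0"))
    return findings


if __name__ == "__main__":
    for severity, message in check_p2s_config(VNET, SUBNETS, P2S_POOL, FORCED_TUNNEL_ROUTES):
        print(f"[{severity}] {message}")
```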


1 answer

  1. Istvan Fazakas 0 Reputation points
    2025-01-24T19:53:33.8433333+00:00

    Hello,

    Thank you for checking this.

    1. In case I remove force tunneling, there will be absolutely no traffic flowing through - both in and out bytes show 0
    2. I am using the Azure provided DNS
    3. I did not try, as I have my whole dev setup on Mac - I will give it a try next week.

    Meantime I tried setting up a route table and an NSG - with those set up I did manage to see some traffic in and out, however the requests are timing out, and the websites are not loading.

    In the route table I added as address prefix the public IP of my app service (the one I am trying to put behind a VPN).

    In the NSG setup I added Inbound and Outbound security rule for Icmp, having the VPN gateway address space set as source/destination address prefix
    and an Inbound and Outbound security rule for TCP, allowing * for both source and destination address prefixes.

